#1 Commentary and feature suggestions


I'm delighted to see that someone's writing an OTP encryption plugin. I've always had the idea of doing one but I'm a .NET/Mono guy, plus I can't be assed with GTK.

Here's some ideas:

If that's possible, inject an info bar between the message box and the input box, that displays various informations and warnings. Like how many messages are left based on remaining entropy and average message length. Warn if the key data isn't pure anymore (see below).

Add the option to remix key data when the users are about to run out. The idea is that you should be able to bridge the time between additional pure key data exchanges.

My idea was to reserve a certain amount of key data (e.g. the last 32KB) to use this to have one party initiate a remix by sending a block of random data and an remixer function. If a party initiates a remix, it grabs 30KB of /dev/urandom, encrypts it with the remaining existing key data and tells the other party to pause messaging until data's remixed.

The remixing process I had in mind is XORing the existing data using the 30KB (or more) new data in a round robin fashion. Additionally, a random remixer function should be agreed on and used, to mutate the output data (things like reverse bitorder on a byte, switch the even bits with the odd bits, funky mathematics that are determinate (since you want both parties to have the same keydata), and so on).

The infobar, if implemented, should tell the users that the key data isn't pure anymore, after it has been remixed. Ideally, the plugin also tracks the amount of remixes and indicates it.

Thanks for considering these.


  • Simon Wenner

    Simon Wenner - 2008-01-05

    Logged In: YES
    Originator: NO

    Hi, thanks for your feedback.

    GTK: Our plugin does not depend on GTK. It should work with every IM that uses purple (libpurple). That's also the reason why we won't (or can't) make big changes to the interface. All notifications are displayed as messages.

    Entropy: We do not plan to implement a stream crypter (mixer) because it would lower our cryptograhic strength. We are realy paranoid! ;-) In the upcomming versions, you will be notified by messages, that you key is nearly used completely and you should generate and exchange a new one. Alternatively you can always access you remaining entropy by typing "/otp info".

    But maybe someone else is willing to implement your desired features... ?

    Simon Wenner

  • Simon Wenner

    Simon Wenner - 2008-01-05
    • status: open --> closed

Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

No, thanks